My paper "Challenges in High Accuracy of Malware Detection" is available at IEEExplore

My paper which was presented last July 2012 is now available via IEEExplore. Get it here

e-majalah "The Hacker News" PERCUMA/GRATIS!

The Hacker News atau THN ada menyediakan majalah sekuriti secara percuma dalam bentuk elektronik (PDF). Boleh dimuat turun di sini

NSS 2013 CFP at Madrid

NSS 2013 CFP: here

NSS is an annual international conference covering research in network and system security. The conference seeks submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of network security, privacy, applications security, and system security. Papers describing case studies, implementation experiences, and lessons learned are also encouraged. Topics of interest include but are not limited to:

- Active Defense Systems
- Adaptive Defense Systems
- Analysis, Benchmark of Security Systems
- Applied Cryptography
- Authentication
- Biometric Security
- Complex Systems Security
- Database and System Security
- Data Protection
- Data/System Integrity
- Distributed Access Control
- Distributed Attack Systems
- Denial-of-Service
- High Performance Network Virtualization
- High Performance Security Systems
- Hardware Security
- Identity Management
- Intelligent Defense Systems
- Insider Threats
- Intellectual Property Rights Protection
- Internet and Network Forensics
- Intrusion Detection and Prevention
- Key Distribution and Management
- Large-scale Attacks and Defense
- Malware
- Network Resiliency
- Network Security
- RFID Security and Privacy
- Security Architectures
- Security for Critical Infrastructures
- Security in P2P systems
- Security in Cloud and Grid Systems
- Security in E-Commerce
- Security in Pervasive/Ubiquitous Computing
- Security and Privacy in Smart Grid
- Security and Privacy in Wireless Networks
- Secure Mobile Agents and Mobile Code
- Security Policy
- Security Protocols
- Security Simulation and Tools
- Security Theory and Tools
- Standards and Assurance Methods
- Trusted Computing
- Trust Management
- World Wide Web Security

HITB 2012 Kuala Lumpur, Malaysia

HITB 2012 KUL will be held in the incoming October 2012! I already registered my name and hope to see you guys there!

More info here

avast: can not initialize avast! engine: Invalid argument

I was unable to use my Avast AV on Linux, so I stumbled here due to the similar error message.

The solution as given in the blog;

sysctl -w kernel.shmmax=100000000

It works for me! 

Windows malware detection on Linux host

My favoriate workstation is Linux, but I need to analyze Windows malware.
The are several options such as listed here

On Ubuntu for example, we can simply type

"sudo apt-get install clamav"

F-prot also provides a free Linux host antivirus to analyze Windows malware here

Spotting scam email

A friend asked whether an attachment that she got is trustworthy or not. Upon receiving, I could quickly conclude it is a scam, preying for greedy or needy people. However I notice it seems "localized" a bit, since my friend is a Malaysian, the scam email also use "Malaysia" in the content.

The sample of this "United Nation" scam email can be referred here, someone blogged it out

Kaspersky asking for top notch cryptographer to help them decrypting malware's encryption

Kaspersky, a well known Russian brand in antivirus industry is asking for people out there to decrypt a new malware with an encryption inside. If you have strong math background and able to help them out (ask them for $$$ as well!!), check it out!

source 1
source 2

This malware is thought to have a similar capability as what Stuxnet does - attacking specific platform on SCADA systems.

Scholar Updates: Making New Connections - Google Scholar Blog

I had created a profile on Google Scholar "My Citation" where you could publicly track other people's publications (I mean, your rockstar) as well as managing your own publications.

Here is my page

Most of that I tracked is on "malware" research area.

Here is the details of how you can create your own profile.Scholar Updates: Making New Connections - Google Scholar Blog

DNSSocial

A friend, Mr Amir Haris has spent hundred of hours developing a new concept of DNS tool, DNSsocial . You can use the service for your name server, sharing domain name with friends, signing your domain with DNSSEC and others.

As I am not an expert in your DNS.. kindly go to the website and see it for yourselves. Most of the service is automated and once your domain successfully propagated to the root servers, you will receive an email for notification.

This is my domain that already being registered with DNSsocial .. http://najmi.my

Blackhat US 2012 slides and papers

The recent reading/presentation of BH US 2012 can be downloaded here.